Uploaded image for project: 'OASIS Open Document Format for Office Applications (OpenDocument) TC'
  1. OASIS Open Document Format for Office Applications (OpenDocument) TC
  2. OFFICE-2722

ODF 1.2 Part 3 3.4.1 Plaintext and Ciphertext Same Size?

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Applied
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: ODF 1.2 CD 05
    • Fix Version/s: ODF 1.2 CD 06
    • Component/s: Packaging, Part 2 (Packages) [1.2: 3], Security
    • Labels:
      None
    • Environment:

      This issue applies specifically to section 3.4.1 of ODF 1.2 Part 3 CD01-rev08 and the ODF 1.2 CD05 Part 3 approved form. The question also applies to ODF 1.0/1.1/IIS 26300.

    • Proposal:
      Hide

      1. Reword the section 3.4.1 third paragraph sentence "Encrypted file entries should be flagged as 'STORED' ... in the Zip file's central directory" to include the local file header in the same way as the "real size" value is kept consistent in all places.

      2a. Add the requirement that the ciphertext file size SHALL be the same size as the plaintext deflated file size and encryption algorithms that result in a different cyphertext size SHALL NOT be used.

      2b. Alternatively, add the requirement that when an encryption algorithm does not provide ciphertext files of the same size as the plaintext file, the algorithm and its parameters shall be such that the decryption process delivers the plaintext deflated file in its original size.

      3. In section 3.4.2(3) add a note to 3.4.2 on the default algorithms to the effect that "The derived key is used together with the initialization vector to produce a ciphertext of the same size as the deflated file using the Blowfish algorithm in 8-bit cipher feedback (8-bit CFB) mode."

      Show
      1. Reword the section 3.4.1 third paragraph sentence "Encrypted file entries should be flagged as 'STORED' ... in the Zip file's central directory" to include the local file header in the same way as the "real size" value is kept consistent in all places. 2a. Add the requirement that the ciphertext file size SHALL be the same size as the plaintext deflated file size and encryption algorithms that result in a different cyphertext size SHALL NOT be used. 2b. Alternatively, add the requirement that when an encryption algorithm does not provide ciphertext files of the same size as the plaintext file, the algorithm and its parameters shall be such that the decryption process delivers the plaintext deflated file in its original size. 3. In section 3.4.2(3) add a note to 3.4.2 on the default algorithms to the effect that "The derived key is used together with the initialization vector to produce a ciphertext of the same size as the deflated file using the Blowfish algorithm in 8-bit cipher feedback (8-bit CFB) mode."
    • Resolution:
      Hide

      Add the following paragraph to the end of section 3.4.1 General (for Encryption)
      """
      The encrypted form can be of greater size than the DEFLATED file used as the plaintext (e.g., because of padding of plaintext, inclusion of additional information, and other characteristics of the encryption technique). The encryption method shall be such that the exact size and value of the plaintext DEFLATED file is recovered by the corresponding decryption process.
      """

      Show
      Add the following paragraph to the end of section 3.4.1 General (for Encryption) """ The encrypted form can be of greater size than the DEFLATED file used as the plaintext (e.g., because of padding of plaintext, inclusion of additional information, and other characteristics of the encryption technique). The encryption method shall be such that the exact size and value of the plaintext DEFLATED file is recovered by the corresponding decryption process. """

      Description

      In the third paragraph of section 3.4.1 on General Encryption provisions, it is stated that the uncompressed file size of the deflated file data (the plaintext) is saved in the corresponding <manifest:file-entry> manifest:size attribute value. The deflated file data is replaced by the encryption (ciphertext) of the deflated file data, the entry is changed to STORED and the size of the encrypted file is then carried in those places where the file's real size value is carried.

      1. Why is flagging as STORED asserted for the Zipped file's central directory entry and no other place, although the ciphertext size is placed in all applicable places?

      2. There is no indication of how the size of the plaintext deflated file is to be recovered. Is it to be assumed that the ciphertext size is the same as the size of the plaintext deflated size, so there is no need to recover it separately?

        Attachments

          Activity

            People

            • Assignee:
              orcmid Dennis Hamilton (Inactive)
              Reporter:
              orcmid Dennis Hamilton (Inactive)
            • Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: